Head of Security and Compliance

About The Position

Requirements

• Experience in security risk, compliance, GRC, cloud security, or infrastructure security.
• Working knowledge of cloud platforms such as AWS, Azure, or Google Cloud.
• Familiarity with networking concepts including firewalls, VPC/VNet design, VPNs, DNS, TLS, routing, segmentation, and zero trust principles.
• Understanding of software security concepts, including secure SDLC, CI/CD, vulnerability management, secrets management, and API security.
• Experience with compliance frameworks such as SOC 2, ISO 27001, NIST, CIS Controls, or CSA CCM.
• Ability to document controls, gather evidence, assess gaps, and drive remediation with engineering teams.
• Strong written and verbal communication skills.

Nice To Haves

• Experience in an early-stage startup or high-ownership environment.
• Experience supporting AI, machine learning, data infrastructure, or SaaS platforms.
• Familiarity with AI governance frameworks such as NIST AI RMF or ISO/IEC 42001.
• Experience with Kubernetes, containers, infrastructure as code, and cloud-native security tooling.
• Certifications such as CISSP, CISA, CRISC, CCSP, CCSK, Security+, AWS Security Specialty, or Azure Security Engineer.
• Experience implementing or administering GRC platforms, SIEMs, CSPM tools, vulnerability scanners, and ticketing workflows.

Responsibilities

• Partner directly with engineering, infrastructure, and product teams to identify security risks and design practical controls across AI platforms, cloud infrastructure, networking systems, APIs, and software delivery pipelines.
• Build and operationalize security and compliance programs supporting frameworks such as SOC 2, ISO 27001, NIST CSF, NIST AI RMF, CSA CCM, and customer security requirements.
• Drive improvements to cloud and application security controls, including IAM, network segmentation, encryption, logging, secrets management, vulnerability management, and secure SDLC practices.
• Help define security approaches for AI systems, including model access controls, data protection, third-party AI tooling, auditability, and misuse prevention.
• Build scalable processes for audit evidence collection, risk tracking, remediation management, and security reporting across technical and non-technical stakeholders.
• Contribute to broader security and operational readiness efforts including vendor risk management, incident response preparedness, business continuity planning, and security policy development.